On 2020-09-26 23:31, Daniel Pocock wrote:
1) check for differences between source file sectors on each source drive
[...]
I could imagine using kpartx to script a solution to (1) above, skipping
over the md headers. Some kind of shim may be needed to fool the kernel
to see a different UUID
Roberto Ragusa wrote on Mon, Sep 28, 2020:
> >I could imagine using kpartx to script a solution to (1) above, skipping
> >over the md headers. Some kind of shim may be needed to fool the kernel
> >to see a different UUID for each source volume so they can be mounted
> >simultaneously without md.
>
Hi Fernando,
I'm a packager sponsor. I'm happy to take over qjackctl and sponsor
Christoph as a co-maintainer to help look after it.
Could you please give me ownership of the package? My FAS is:
ankursinha.
--
Thanks,
Regards,
Ankur Sinha "FranciscoD" (He / Him / His) |
https://fedoraproject.
On 28.09.2020 06:44, Paul Wouters wrote:
> Unfortunately, with my upgrade to fedora 33 I was unwittingly upgraded
> to systemd-resolved. I want to remove it from my system, but I cannot
> because it is not even a sub-package of systemd, it is part of the
> core systemd package.
You can always easi
No missing expected images.
Soft failed openQA tests: 1/7 (x86_64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-Cloud-32-20200927.0):
ID: 678981 Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud
URL: https://openqa.fedoraproj
Hi Jan,
On Fri, 2020-09-25 at 11:43 +0200, Jan Kratochvil wrote:
> On Fri, 25 Sep 2020 01:35:43 +0200, Mark Wielaard wrote:
> > Replying since I am mentioned by name in this proposal and it seems to
> > argue for removing a feature I am currently working on to make sure it
> > works correctly with
On Mon, Sep 28, 2020 at 12:31:59PM +0200, Mark Wielaard wrote:
> Finally I am interested in your proposal to implement a different way
> to reduce the size of DIE trees by eliminating "unused" DIEs. It is
> hard to predict what effect that would have without seeing an
> implementation (in theory GC
No missing expected images.
Passed openQA tests: 7/7 (x86_64)
--
Mail generated by check-compose:
https://pagure.io/fedora-qa/check-compose
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedorap
OLD: Fedora-Rawhide-20200927.n.0
NEW: Fedora-Rawhide-20200928.n.0
= SUMMARY =
Added images:2
Dropped images: 1
Added packages: 0
Dropped packages:0
Upgraded packages: 41
Downgraded packages: 0
Size of added packages: 0 B
Size of dropped packages:0 B
Size
Missing expected images:
Xfce raw-xz armhfp
Failed openQA tests: 11/181 (x86_64)
New failures (same test not failed in Fedora-Rawhide-20200927.n.0):
ID: 679030 Test: x86_64 Workstation-live-iso desktop_update_graphical
URL: https://openqa.fedoraproject.org/tests/679030
Old failures (same
No missing expected images.
Soft failed openQA tests: 1/16 (x86_64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-IoT-34-20200921.0):
ID: 679170 Test: x86_64 IoT-dvd_ostree-iso iot_clevis
URL: https://openqa.fedoraproject.org/te
On Mon, Sep 28, 2020 at 12:44:13AM -0400, Paul Wouters wrote:
>
> >Subject: Re: Fedora 33 System-Wide Change proposal: systemd-resolved
>
> I was just hit by the first bug in systemd-resolved 4 days after I
> upgraded to fedora33. I will file a bug report for that, but I wanted
> to discuss somet
Hi,
On Fri, 2020-09-25 at 17:18 +0200, Florian Weimer wrote:
> * Robbie Harwood:
> > Jan Kratochvil writes:
> > > So why is Google using it for everything?
> >
> > If I could eliminate one bad thought pattern in software design it would
> > probably be this one.
> >
> > In brief: you are not Go
Hi,
when looking at a recent issue when a change to lorax templates broke
composes for ppc64le and s390x I have found that there are packages
that explicitly require the ncurses package and I wonder if all of these
Requires are correct. Because quite some time ago there was a split so
"ncurses" on
I haven't seen anything obvious in the mailing list lately so maybe it's
just me?
$ rpkg
'Namespace' object has no attribute 'command'
Thanks,
Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@li
On 28/09/2020 12:47, Zbigniew Jędrzejewski-Szmek wrote:
You're mixing a few different things here. We decided to not enable
DNSSEC in resolved with this change, at least initially. For most
users, DNSSEC is problematic because various intermediary DNS servers
found in hotspots and routers don't
OLD: Fedora-33-20200927.n.0
NEW: Fedora-33-20200928.n.0
= SUMMARY =
Added images:1
Dropped images: 1
Added packages: 2
Dropped packages:0
Upgraded packages: 33
Downgraded packages: 0
Size of added packages: 6.54 MiB
Size of dropped packages:0 B
Size of
On 9/28/20 6:47 AM, Zbigniew Jędrzejewski-Szmek wrote:
Instructions were already posted by Vitaly, so I won't repeat that here.
I'll just note that the scriptlet in systemd.rpm looks for
'Generated by NetworkManager' in /etc/resolv.conf as an indicator that
the file is autogenerated.
Which is a
On Mon, 28 Sep 2020 14:08:48 +0200, Mark Wielaard wrote:
> It is certainly a clever setup and makes sense if your build bottleneck
> is sending files around between different machines. But I don't think
> this is the generic Fedora packager or developer use case.
I agree and I do not propose anywh
On 28/09/2020 09:31, Dominique Martinet wrote:
> Roberto Ragusa wrote on Mon, Sep 28, 2020:
>>> I could imagine using kpartx to script a solution to (1) above, skipping
>>> over the md headers. Some kind of shim may be needed to fool the kernel
>>> to see a different UUID for each source volume
On Mon, Sep 28, 2020 at 01:45:02PM +0100, Tom Hughes wrote:
> On 28/09/2020 12:47, Zbigniew Jędrzejewski-Szmek wrote:
>
> >You're mixing a few different things here. We decided to not enable
> >DNSSEC in resolved with this change, at least initially. For most
> >users, DNSSEC is problematic becaus
On Mon, Sep 28, 2020 at 07:57:13AM -0500, Ian Pilcher wrote:
> On 9/28/20 6:47 AM, Zbigniew Jędrzejewski-Szmek wrote:
> >Instructions were already posted by Vitaly, so I won't repeat that here.
> >I'll just note that the scriptlet in systemd.rpm looks for
> >'Generated by NetworkManager' in /etc/re
No missing expected images.
Failed openQA tests: 2/181 (x86_64)
Old failures (same test failed in Fedora-33-20200927.n.0):
ID: 679355 Test: x86_64 KDE-live-iso apps_startstop
URL: https://openqa.fedoraproject.org/tests/679355
ID: 679366 Test: x86_64 KDE-live-iso desktop_notifications_p
Hey,
Fedora 33 IoT test day is on 2020-09-30. As Fedora IoT becomes the
part of Fedora Editions, to ensure we test the bits properly, we are
going to have a test day [0] where we will be focusing on testing the
IoT builds and reporting bugs.
[0] ttp://fedoraproject.org/wiki/Test_Day:2020-09-30_F
No missing expected images.
Soft failed openQA tests: 1/16 (x86_64)
(Tests completed, but using a workaround for a known bug)
Old soft failures (same test soft failed in Fedora-IoT-33-20200925.0):
ID: 679562 Test: x86_64 IoT-dvd_ostree-iso iot_clevis
URL: https://openqa.fedoraproject.org/te
On Monday, 28 September 2020 at 15:30, Zbigniew Jędrzejewski-Szmek wrote:
[...]
> What was the setup you were using? If this is something that we can
> reliably detect, I think it it would make sense to adjust the scriptlet
> that enables systemd-resolved to print a hint about needing to set DNSSEC
On Mon, Sep 28, 2020 at 07:57:13AM -0500, Ian Pilcher wrote:
> On 9/28/20 6:47 AM, Zbigniew Jędrzejewski-Szmek wrote:
> > Instructions were already posted by Vitaly, so I won't repeat that here.
> > I'll just note that the scriptlet in systemd.rpm looks for
> > 'Generated by NetworkManager' in /etc
at an init 3 stance, which has NetworkManager active, i start an init 5.
when all is said and done, NetworkManager has been deactivated, IE not
restarted bec of the settings in NetworkManager.service .
So I have to manually restart NetworkManager.
Why is this so?
_
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org
On 28/09/2020 14:30, Zbigniew Jędrzejewski-Szmek wrote:
What was the setup you were using? If this is something that we can
reliably detect, I think it it would make sense to adjust the scriptlet
that enables systemd-resolved to print a hint about needing to set DNSSEC=yes.
(Or maybe even set th
On Mon, Sep 28, 2020 at 12:44 am, Paul Wouters wrote:
My fedora
mail server uses DNSSEC based TLSA records to prevent MITM attacks
on the STARTTLS layer, which is now completely broken. My IPsec VPN
server uses dnssec validation using the specified nameserves in
/etc/resolve.conf that now point
On Mon, 28 Sep 2020 at 14:44, Richard Shaw wrote:
>
> I haven't seen anything obvious in the mailing list lately so maybe it's just
> me?
>
> $ rpkg
> 'Namespace' object has no attribute 'command'
Hello,
What are versions of rpkg and python3-rpkg in your system? By the way,
do you use that comm
On Mon, 28 Sep 2020, Zbigniew Jędrzejewski-Szmek wrote:
This change is harmful to network security, impacts existing installations
depending on DNSSEC security, and leaks private queries for VPN/internal
domains to the open internet, and prefers faster non-dnssec answers
over dnssec validated an
On Mon, Sep 28, 2020 at 03:07:39PM +0200, Daniel Pocock wrote:
> 5. you can now use
>
> rsync --dry-run /mnt/sda1_non_raid /mnt/btrfs_new
>
> to see if every file on the sda1 side of the mirror matches what was
> copied to Btrfs
Add --checksum to the rsync invocation. Otherwise, rsync reli
On Mon, Sep 28, 2020 at 09:23:47AM -0500, Michael Catanzaro wrote:
> *cannot* enable DNSSEC, where VPN users often expect split DNS, and
> where we cannot expect users to configure anything manually,
> systemd-resolved is solving a real problem that nss-dns will never
> be able to handle.
Can we g
Hi,
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
> I'm not sure what you mean by that. It is true that /etc/resolv.conf
> is not able to express split DNS. But it is still in place, with contents
> that try to express the actual DNS configuration to the extent possible.
as one who had
On Mon, 28 Sep 2020, Michael Catanzaro wrote:
If you're running mail servers or VPN servers, you can probably configure the
DNS to your liking, right? Either enable DNSSEC support in systemd-resolved,
or disable systemd-resolved. I'm not too concerned about this
You should be concerned ab
* Michael Catanzaro:
> If you're running mail servers or VPN servers, you can probably
> configure the DNS to your liking, right? Either enable DNSSEC support
> in systemd-resolved, or disable systemd-resolved. I'm not too
> concerned about this
What about end users who just enable a VPN cli
On Mon, Sep 28, 2020 at 10:28 am, Paul Wouters wrote:
This is better thant it was five years ago. I'm glad some things were
at least successfully conveyed in the Brno meeting. However, this
still
leaks queries meant for the LAN or VPN onto the wide internet and is
still a privacy and security
On Mon, 28 Sep 2020 12:31:59 +0200, Mark Wielaard wrote:
> If you want to make -fdebug-types-sections the default you really
> should work with the upstream GCC developers to figure out why they
> don't want that.
I haven't seen that, according to Richard Biener from GCC
-fdebug-types-section is a
On Mon, Sep 28, 2020 at 10:29 am, Matthew Miller
wrote:
On Mon, Sep 28, 2020 at 09:23:47AM -0500, Michael Catanzaro wrote:
*cannot* enable DNSSEC, where VPN users often expect split DNS, and
where we cannot expect users to configure anything manually,
systemd-resolved is solving a real pro
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
> DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if this resolver can do it?
Best regards,
Marius
___
devel mailing list -- devel@lists.fedoraproject
On 28/09/2020 15:57, Marius Schwarz wrote:
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if this resolver can do it?
Because DNSSEC is a disaster area and if you try and use it
on random n
On Mon, Sep 28, 2020 at 4:39 pm, Florian Weimer
wrote:
My understanding is that the DNS request routing in systemd-resolved
effectively disables any security mechanisms on the VPN side, and
instructs most current browsers to route DNS requests to centralized
DNS
servers for all requests (i.e.,
On Mon, Sep 28, 2020 at 4:32 pm, Marius Schwarz
wrote:
as one who had split horizone dns setups, it's not the client who
splits, it's the server.
It's really the client... or the server running on the client:
nss-dns (traditional): split DNS impossible. No way to ever split DNS.
dnsmasq, syst
On Mon, 28 Sep 2020 12:42:33 +0200, Jakub Jelinek wrote:
> On Mon, Sep 28, 2020 at 12:31:59PM +0200, Mark Wielaard wrote:
> > Finally I am interested in your proposal to implement a different way
> > to reduce the size of DIE trees by eliminating "unused" DIEs. It is
> > hard to predict what effect
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
We wanted to send out a heads-up to let folks know that once Infrastructure
Freeze is lifted this week, we will be enabling modular builds for Fedora ELN.
Once this happens, `platform:eln` will become available as a target for module
builds. For anyo
* Michael Catanzaro:
> On Mon, Sep 28, 2020 at 4:39 pm, Florian Weimer
> wrote:
>> My understanding is that the DNS request routing in systemd-resolved
>> effectively disables any security mechanisms on the VPN side, and
>> instructs most current browsers to route DNS requests to centralized
>> D
Hi,
When building the kernel with perf enabled from the src.rpm
kernel-5.9.0-0.rc6.20200925git171d4ff79f96.17.fc34.src.rpm
I get an error. There seems to be an error in one of the build
scripts. This was not a problem in src.rpm for
kernel-5.9.0-0.rc4.20200911git581cb3a26baf.8.fc34.src.rpm
The
* Michael Catanzaro:
> "Fedora 33 uses systemd-resolved for name resolution. Most users will
> not notice any difference, but VPN users will benefit from safer
> defaults that ensure DNS requests are sent to the same network that
> would receive the corresponding traffic, avoiding unexpected DNS
On Mon, 28 Sep 2020 12:31:59 +0200, Mark Wielaard wrote:
> I do find your statistics per package useful because they show dwz is
> in general effective by producing at least 20% (more) on-disk size
> reduction,
I am ignoring the on-disk size, I always measure just *-debuginfo.rpm size.
If anyone
On Mon, Sep 28, 2020 at 5:18 pm, Florian Weimer
wrote:
But the DNS view provided by the Red Hat VPN is what disables the
centralized DNS resolvers in browsers in these configurations. The
magic browser probe no longer fails with the change in DNS routing
(which the proposal confusingly names “S
On Mon, Sep 28, 2020 at 05:15:16PM +0200, Jan Kratochvil wrote:
> On Mon, 28 Sep 2020 12:42:33 +0200, Jakub Jelinek wrote:
> > On Mon, Sep 28, 2020 at 12:31:59PM +0200, Mark Wielaard wrote:
> > > Finally I am interested in your proposal to implement a different way
> > > to reduce the size of DIE t
https://bugzilla.redhat.com/show_bug.cgi?id=1883265
--- Comment #1 from Upstream Release Monitoring
---
Created attachment 1717285
--> https://bugzilla.redhat.com/attachment.cgi?id=1717285&action=edit
[patch] Update to 1.006 (#1883265)
--
You are receiving this mail because:
You are on th
* Michael Catanzaro:
> On Mon, Sep 28, 2020 at 5:18 pm, Florian Weimer
> wrote:
>> But the DNS view provided by the Red Hat VPN is what disables the
>> centralized DNS resolvers in browsers in these configurations. The
>> magic browser probe no longer fails with the change in DNS routing
>> (whi
On Mon, 28 Sep 2020 17:35:26 +0200, Jakub Jelinek wrote:
> So, was this compiled by GCC or clang?
Fedora Koji package:
lldb-debuginfo-11.0.0-0.2.rc3.fc34.x86_64
GNU GIMPLE 10.2.1 20200916 (Red Hat 10.2.1-4) -m64 -mtune=generic -march=x86-64
-g -g -g -O2 -O2 -O2 -O2 -fno-openmp -fno-opena
I don't think my description is misleading
On Mon, Sep 28, 2020 at 5:28 pm, Florian Weimer
wrote:
* The change disables protection mechanisms built into corporate VPNs
that require them to observe all DNS traffic. Now this may sound
rather weak as far as countermeasures go, but DNS-bas
On 9/28/20 8:32 AM, Zbigniew Jędrzejewski-Szmek wrote:
Yeah, that test is far from ideal, but we need something. If you have
a constructive proposal how to improve it, I'm all ears.
I anticipated this question. I don't have a good proposal for you ...
but I believe that it's up to the people a
As a reminder to the community, we've reached the point in the year
where jurisdictions around the world begin or end summer time. Be sure
to check your recurring meetings on Fedocal[1] to make sure you know
when you're meeting. Some meetings are set to a fixed time UTC and
others are set to a part
On Mon, 28 Sep 2020, Tom Hughes via devel wrote:
On 28/09/2020 15:57, Marius Schwarz wrote:
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if this resolver can do it?
Because DNSSEC is
On Mon, Sep 28, 2020 at 05:46:08PM +0200, Jan Kratochvil wrote:
> > A way out of this could be either to use comdat .debug_info etc. sections
> > (but that would result in quite large increase of *.o file sizes), or let
> > the linker or a tool like DWZ discard or simplify such DIEs.
> > I don't se
On Mon, Sep 28, 2020 at 10:51 am, Ian Pilcher
wrote:
I anticipated this question. I don't have a good proposal for you ...
but I believe that it's up to the people advocating/implementing this
change to come up with that. If it isn't possible to automate this
change in a reliable way, maybe it
On Mon, Sep 28, 2020 at 11:56:28AM -0400, Paul Wouters wrote:
> And that's why DNS-Over-TLS (DoT) and DNS-over-HTTPS (DoH) are now
> being deployed. And why browsers are, contrary to Michael Catanzaro's
> wrong claim, overriding the system DNS already. See Mozilla's TRR
> program https://wiki.mozil
On Mon, Sep 28, 2020 at 11:57 AM Paul Wouters wrote:
>
> On Mon, 28 Sep 2020, Tom Hughes via devel wrote:
>
> > On 28/09/2020 15:57, Marius Schwarz wrote:
> >> Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
> >>> DNSSEC support in resolved can be enabled through resolved.conf.
> >> W
On Mon, Sep 28, 2020 at 10:34:07AM -0500, Michael Catanzaro wrote:
> Hm, I'm pretty sure this is a Firefox-specific issue, right?
> Fedora's Firefox is patched to use system DNS, so it shouldn't
> matter for us. I'm not aware of any other browser that ignores
Is this actually the case? I can't fin
On Mon, Sep 28, 2020 at 12:04:27PM -0400, Matthew Miller wrote:
> > Hm, I'm pretty sure this is a Firefox-specific issue, right?
> > Fedora's Firefox is patched to use system DNS, so it shouldn't
> > matter for us. I'm not aware of any other browser that ignores
> Is this actually the case? I can't
On Mon, Sep 28, 2020 09:51:10 +0100, Ankur Sinha wrote:
> Hi Fernando,
>
> I'm a packager sponsor. I'm happy to take over qjackctl and sponsor
> Christoph as a co-maintainer to help look after it.
>
> Could you please give me ownership of the package? My FAS is:
> ankursinha.
Or, you can orphan
On 28/09/2020 16:56, Paul Wouters wrote:
On Mon, 28 Sep 2020, Tom Hughes via devel wrote:
On 28/09/2020 15:57, Marius Schwarz wrote:
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if th
On Mon, Sep 28, 2020 at 11:56 am, Paul Wouters wrote:
And that's why DNS-Over-TLS (DoT) and DNS-over-HTTPS (DoH) are now
being deployed. And why browsers are, contrary to Michael Catanzaro's
wrong claim, overriding the system DNS already. See Mozilla's TRR
program https://wiki.mozilla.org/Trust
On Mon, 28 Sep 2020, Michael Catanzaro wrote:
I don't think it would be smart for employees to voluntarily opt-in to
sending all DNS to their employer anyway... there's little benefit to the
employee, and a lot of downside.
Again, it is not up to systemd to limit valid use cases.
Perhaps Lis
On Mon, Sep 28, 2020 at 11:11 am, Michael Catanzaro
wrote:
Florian just linked to that same chromium.org page as evidence that
Chrome is not ignoring system DNS. :) Indeed, if you read the page,
they're only using DNS over HTTPS (DoH) if system DNS matches a
hardcoded list of providers that su
On Mon, 28 Sep 2020, Michael Catanzaro wrote:
Anyway, if you don't like this heuristic, we could decide to always delete
/etc/resolv.conf.
You will break all software linked against libunbound that uses the
ub_ctx_resolvconf() function. Most users of libunbound will use this,
because firewalls
On Mon, Sep 28, 2020 at 11:11:31AM -0500, Michael Catanzaro wrote:
> hardcoded list of providers that support DoH. So I believe I'm
> correct to say that only Firefox is doing that... and we have
> already patched Firefox to not do that.
Just for clarity since it confused me: configured by default
On Mon, Sep 28, 2020 at 4:48 AM Zbigniew Jędrzejewski-Szmek <
zbys...@in.waw.pl> wrote:
> On Mon, Sep 28, 2020 at 12:44:13AM -0400, Paul Wouters wrote:
> >
> > >Subject: Re: Fedora 33 System-Wide Change proposal: systemd-resolved
> >
>
> > paul@thinkpad:~$ dig +dnssec vpn.nohats.ca @127.0.0.53
> >
* Michael Catanzaro:
> I don't think it would be smart for employees to voluntarily opt-in to
> sending all DNS to their employer anyway... there's little benefit to
> the employee, and a lot of downside. Importantly, if you're looking in
> your network settings and you see a checkbox that says "
On Mon, Sep 28, 2020 at 12:14 pm, Paul Wouters wrote:
There are use cases for and against routing all DNS over your VPN. If
systemd wants to play system resolver, it needs to be able to be
configured for either use case. You don't get to limit our use cases.
It *can* be configured for either c
* Andrew Lutomirski:
> Paul may well have been mixing different things here, but I don't
> think you answered the one that seems like the most severe problem:
> systemd-resolved removed perfectly valid DNSSEC records that were
> supplied by the upstream server. One might reasonably debate whether
On 9/28/20 1:51 AM, Ankur Sinha wrote:
Hi Fernando,
Hi Ankur,
I'm a packager sponsor. I'm happy to take over qjackctl and sponsor
Christoph as a co-maintainer to help look after it.
Could you please give me ownership of the package? My FAS is:
ankursinha.
Thank you so much for helping with
You can do this, but again, you need to use the command line. E.g.
'resolvectl dns tun0 8.8.8.8'
We're actually no longer debating how systemd-resolved works; rather,
we're now debating how NetworkManager chooses to configure
systemd-resolved. systemd-resolved just does what it's told to do.
On Mon, Sep 28, 2020 at 9:27 AM Andrew Lutomirski wrote:
> On Mon, Sep 28, 2020 at 4:48 AM Zbigniew Jędrzejewski-Szmek <
> zbys...@in.waw.pl> wrote:
>
>> On Mon, Sep 28, 2020 at 12:44:13AM -0400, Paul Wouters wrote:
>> >
>> > >Subject: Re: Fedora 33 System-Wide Change proposal: systemd-resolved
>
On Mon, Sep 28, 2020 at 10:05:09AM -0500, Michael Catanzaro wrote:
> [1] https://fedoraproject.org/wiki/Changes/systemd-resolved#Split_DNS
This link second time… there's a lot of text, but no example of
configuration file for split dns. Is it because end user cannot easily
configure split dns p
On Mon, Sep 28, 2020 at 06:36:02PM +0200, Florian Weimer wrote:
> * Andrew Lutomirski:
>
> > Paul may well have been mixing different things here, but I don't
> > think you answered the one that seems like the most severe problem:
> > systemd-resolved removed perfectly valid DNSSEC records that we
On Mon, Sep 28, 2020 at 09:44:13AM -0700, Andrew Lutomirski wrote:
> After reading https://github.com/systemd/systemd/issues/8967, I really
> don't think that systemd-resolved's benefits outweigh its harms as a
> default resolver for Fedora. If someone wants to write a
> libfriendlydnsresolver and
I just want to inform / remind that pushing side-tags updates in Bodhi
for releases composed by Bodhi itself (F31, F32 and F33) is currently
slightly broken. The update gets created, but it's never really pushed
to testing and remains in "pending" state.
This will hopefully be fixed in the next
Zbigniew Jędrzejewski-Szmek writes:
> Pfff, now I'm confused. Here is a case where systemd-resolved
> implements the standard, and some people were unhappy because they
> were relying on sloppy implementations which don't follow the RFC.
Yes, welcome to software development!
Sometimes people ca
On Mon, 28 Sep 2020 at 13:05, Zbigniew Jędrzejewski-Szmek
wrote:
> On Mon, Sep 28, 2020 at 09:44:13AM -0700, Andrew Lutomirski wrote:
> > After reading https://github.com/systemd/systemd/issues/8967, I really
> > don't think that systemd-resolved's benefits outweigh its harms as a
> > default res
On Mon, Sep 28, 2020 at 9:26 AM clime wrote:
> On Mon, 28 Sep 2020 at 14:44, Richard Shaw wrote:
> >
> > I haven't seen anything obvious in the mailing list lately so maybe it's
> just me?
> >
> > $ rpkg
> > 'Namespace' object has no attribute 'command'
>
> Hello,
>
> What are versions of rpkg a
On Mon, Sep 28, 2020 at 01:15:36PM -0400, Stephen John Smoogen wrote:
> On Mon, 28 Sep 2020 at 13:05, Zbigniew Jędrzejewski-Szmek
> wrote:
>
> > On Mon, Sep 28, 2020 at 09:44:13AM -0700, Andrew Lutomirski wrote:
> > > After reading https://github.com/systemd/systemd/issues/8967, I really
> > > do
On Mon, Sep 28, 2020 at 04:59:17PM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Sep 28, 2020 at 06:36:02PM +0200, Florian Weimer wrote:
> > * Andrew Lutomirski:
> >
> > > Paul may well have been mixing different things here, but I don't
> > > think you answered the one that seems like the m
On Mon, 28 Sep 2020 at 19:17, Richard Shaw wrote:
>
> On Mon, Sep 28, 2020 at 9:26 AM clime wrote:
>>
>> On Mon, 28 Sep 2020 at 14:44, Richard Shaw wrote:
>> >
>> > I haven't seen anything obvious in the mailing list lately so maybe it's
>> > just me?
>> >
>> > $ rpkg
>> > 'Namespace' object ha
On Mon, Sep 28, 2020 at 6:56 pm, Tomasz Torcz
wrote:
This link second time… there's a lot of text, but no example of
configuration file for split dns. Is it because end user cannot
easily
configure split dns permanently?
You can configure custom DNS servers per-network in NetworkManager
se
On Mon, Sep 28, 2020 at 01:14:14PM -0400, Robbie Harwood wrote:
> Zbigniew Jędrzejewski-Szmek writes:
>
> > Pfff, now I'm confused. Here is a case where systemd-resolved
> > implements the standard, and some people were unhappy because they
> > were relying on sloppy implementations which don't f
On Mon, Sep 28, 2020 at 1:20 PM Chuck Anderson wrote:
>
> On Mon, Sep 28, 2020 at 04:59:17PM +, Zbigniew Jędrzejewski-Szmek wrote:
> > On Mon, Sep 28, 2020 at 06:36:02PM +0200, Florian Weimer wrote:
> > > * Andrew Lutomirski:
> > >
> > > > Paul may well have been mixing different things here,
On Mon, Sep 28, 2020 at 05:26:50PM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Sep 28, 2020 at 01:14:14PM -0400, Robbie Harwood wrote:
> > Zbigniew Jędrzejewski-Szmek writes:
> >
> > > Pfff, now I'm confused. Here is a case where systemd-resolved
> > > implements the standard, and some pe
On Mon, Sep 28, 2020 at 1:20 pm, Chuck Anderson
wrote:
I thought Fedora was supposed to be First? How can it be if Fedora
chooses to use/configure software by default that is missing critical
DNSSEC functionality and breaks DNS standards?
Well, let's amend that to "first when it's smart to be
Am 28.09.20 um 17:56 schrieb Paul Wouters:
>
>> Because DNSSEC is a disaster area and if you try and use it
>> on random networks you're going to get failed lookups on a
>> reasonable number - it's fine if you're on a known network
>> with decent upstream servers but once you start going out
>> and
This entire discussion is generating enough emails per hour to be an IRC
discussion. Could we please move this discussion to #fedora-devel or
someplace more appropriate?
--
Erich Eickmeyer
Maintainer
Fedora Jam
___
devel mailing list -- devel@lists.f
Zbigniew Jędrzejewski-Szmek writes:
> On Mon, Sep 28, 2020 at 01:14:14PM -0400, Robbie Harwood wrote:
>> Zbigniew Jędrzejewski-Szmek writes:
>>
>> > Pfff, now I'm confused. Here is a case where systemd-resolved
>> > implements the standard, and some people were unhappy because they
>> > were re
On 28.09.2020 18:11, Michael Catanzaro wrote:
> Similarly, system-resolved will allow us to enable DNS over TLS (DoT)
> systemwide for supported providers. That's not enabled in F33, but I
> think we should flip the default for F34.
Btw, Russian Federation is going to completely block DoT and DoH.
1 - 100 of 138 matches
Mail list logo
